Restricting access to sites

Simon Bond simon.bond at ptr.co.uk
Mon Jul 5 12:48:54 UTC 1999


Hi,

I want to be able to restrict certain machines from performing domain
queries to certain sites.
e.g.
Allow all machines access
Deny machine A from performing a DNS query to xxx.com
Deny machine A, B and C from performing a DNS query to yyy.com

Now, I know that many of you will answer saying that this is the job of
the firewall, but...

If a user on machine A tries to go to xxx.com, the DNS query goes from
machine A to our DNS server, which then raises the ISDN line to the
Internet to perform its own DNS query. The reply then comes back and
the client machine then tries to go to the site (e.g. via FTP or HTTP),
which is then blocked by the firewall.

So what I'm saying is... I can block FTP or HTTP access to sites, but I
can't block the actual DNS query which goes out before that. Now these
all raise the ISDN line and I want to stop that.

Did that make any sense??

If you reply, could you also reply to my email address as well.

Oh yeah, I'm running bind v8.1.1 on Linux 2.0.37. The Linux box is also
being used as the firewall (ipfwadm).

Thanks,

Simon




